Installing WSUS for Configuration Manager 2012 R2

Installing WSUS for Configuration Manager 2012 R2 After installing SQL server for Configuration Manager 2012 R2, we will now see the steps for Installing WSUS for Configuration Manager 2012 R2. WSUS is Microsoft’s separate, stand-alone server-based product for distributing updates to Windows systems. WSUS also uses the WUA to scan for patch applicability and subsequently install updates delivered by WSUS. WSUS 3.0 Service Pack 2 is required for System Center 2012 R2 Configuration Manager. SCCM 2012 R2 supports only 64-bit site systems, you must use the 64-bit version of WSUS on one of the supported 64-bit editions of Windows Server. The WSUS 3.0 SP2 is available here:- http://www.microsoft.com/en-us/download/details.aspx?id=5216

Here is a video tutorial for installing WSUS for SCCM Configuration Manager.

Installing WSUS for Configuration Manager 2012 R2

Choose WSUS Services and Database as these are the ones that are actually required. We will not select WID Database here. Click on Next.

Content Location Selection – In this folder the WSUS downloads and stores license terms for specific software updates in the update content folder. During the update synchronization process, Configuration Manager looks for applicable license terms in the content folder. If it cannot find the license terms, it will not synchronize the update. Provide a folder path and click on Next.

Database Instance Selection – Specify the database server where you want to store the WSUS database. Click on Check connection and you must see the message Successfully connected to server. Click on Next.

Click on Install.

Once the installation is complete click on Launch Post-Installation tasks.

Wait until you see the message Configuration successfully completed. Click Close.

Launch Microsoft SQL Server Management Studio and under Databases you will find SUSDB is created.

Note – We should not configure the WSUS configuration wizard, going forward Configuration Manager must be used to synchronize updates, download updates and deploy updates. It is okay to go into the WSUS console to review updates or the synchronization status, but you should not perform tasks such as approving or declining updates because it can adversely affect Configuration Manager’s software update management capabilities. With this the installation of WSUS for Configuration Manager 2012 R2 is complete.

Hi Prajwal, I installed WSUS on my windows 2016 server and it was installed successfully. I didnt configure it as you mentioned. but i cant see SUSDB created under Databases? am i missing something? I havent installed SCCM yet.

What steps (if any ) need to take place if you accidently click on “Launch Post installation tasks” after WSUS installation. I didn’t click next on the wizard, but hit cancel, This notice was showing as flagged in server manager tasks and I ran the task from server manager. Not sure if it was the same thing. I now see a ID:13051 Warning for WSUS. Please advise.

Thank you for your great post on installing SCCM. I’m running into an issue with WSUS service. My environment is Windows Server 2012R2, SQL 2014. SQL, WSUS Service, and SCCM are in the same Windows Server 2012R2. After I installed WSUS Service successful, then close the Windows. When I open the WSUS Console, it forced me to configure: Complete WSUS Installation (Sorry, I can’t insert the screenshot in the post). When I clicked Run, and I got error as follow below. I have also tried to uninstalled both WSUS Service and IIS, and re-installed both of them. I also configured IIS binding on Default Web Site for both http ports 80 & 8530. Now, I configured IIS binding only port 8530, but still got the same error. I’m at the dead end and need your help. Thank you very much.

For performance reasons I want to move WSUS/SUP to a seperate server, within the primary SCCM site. On that server I installed IIS, WSUS (with necessary hotfixes), SQL2012 express and finally a software update point through the SCCM console. (so SUP is the only additional role for the new server and the existing SUP on the primary site server)

Installations all went fine, but when firing it up, the WCM log on the primary reports both SUPS but can’t connect to the new SUP ; The request failed with HTTP status 503: Service Unavailable.

I have a question. I was searching the system requirements for installing WSUS 3.0 SP2 on Windows Server 2012 R2. The only thing I can find is documents about system requirements for installing WSUS 3.0 SP2 on Windows Server 2008 and Windows Server 2008 R2. Does this automatically mean that it also works on Windows Server 2012 R2? Should I just follow the guide and install WSUS via console manager or install WSUS 3.0 SP2 via the link you provided?

I did something that I should have not done. I removed the WSUS role and when I restarted I try to login, I only get the cmd prompt. I’ve tried your steps Switching from Windows Server 2012 Core to GUI, but for some reason I cannot use powershell so I am not able to do the last part. Any ideas if it is fixable?

I have an issue connecting my SCCM 2012 vm (existing) to my WSUS (existing) server. We don’t wish to do any client updates, as the WSUS server works just fine for that. I only want to update the .wim images monthly so when we push out to new computers we don’t have to run updates and have it go through 100+ updates. Could you assist in any way? I’ve gone over so many configurations and would prefer to not move my WSUS and merge it on the SCCM 2012 vm.

But since i thought you can merge WSUS with SCCM 2012 you don’t use DISM anymore. that is more for sccm 207. What I am willing to do is make a seperate WSUS on the SCCM 2012 vm and use it only for .wim updates. What are your thoughts on that?

we have sccm2012 r2 infrastructure, was planning to do a wsus clean up we do have 3 wsus server one upstream and one downstream is workign fine but another downstream wsus15 fails to connect it says please make sure post-installatio taks is completed successfully in that server and event: The WSUS content directory is not accessible.with error ID 12072, 7000

I forgot to install WSUS before I installed SCCM 2012 R2 SP1. I have install SQL 2014 and SCCM 2012 R2 SP1 on my Virtual Windows Server 2012 R2. When I install SCCM, I named the database name is CM_XYZ. Now I just installed WSUS on the same server (Server 2012R2). It automatically generated database SUSDB in SQL Database. How do I change the database name in SCCM so that I can use SCCM to deploy Windows Updates. I ran synchronization in WSUS and see all the Windows Updates; however, I don’t see anything in SCCM Manager Console. Thank you for your help!

Hi, thank you for the posts. I forgot to install WSUS before install SCCM R2. I have installed SQL 2014, SCCM R2 SP1 on my Windows Server 2012 R2. When I installed SCCM 2012 R2 SP1, the database name CM_XYZ. Now I just installed WSUS, and it automatically generated SUSDB database on my SQL database. How do I change the database in SCCM R2 Manager Console to SUSDB so that I can use SCCM for Windows updates? Thank you for your help!

Dear Prajwal Desai, i just configured SCCM 2012R2 in my office by following your steps. At the time, when i installed wsus i accidentally configured the wsus configuration wizard. I successfully installed the SCCM but at the time when im trying to deploy updates to systems, it doesn’t install. what can i do next to install updates through wsus? please help me.

well once again you’ve helped me connect WSUS to SCCM. It works flawlessly, howevever I did spend about 1 week trying to get it configured properly. Might I suggest that after the very last step where you say to click cancel, thats perfect and all but a very important and crucial step is to open Windows server update services and click on okay, after doing this it syncs up with the SQL server and then after that open up the CMtrace tool and review the wsyncmgr.log and wcm.log to make sure its syncing correctly. Hopes this helps anyone else having the same issue I did.

so if you miss this step how can you get it working? if I open WSUS app and try to ‘connect’ to the server it says that it’s not connected to an SQL database :/ not sure if this is the reason why I cannot get sccm12 r2 to sync with the windows update server (online) at ALL I keep getting errors and it won’t download any updates or anything.

i am referring to windows server backup tools feature that let me backup the whole OS and files if u used it to backup my server do i need to back up SCCM separately ? or if i backup using windows sever backup tools i am set?

btw i have 1 extra question i am having problem with wsus post configuration 1st of all after i installed it and choose db option instead of wid db i got error in post installation wen trying to connect to it befor showing the wizard i checked the log and the main problem was some thing about index boundary error i think its problem with sql i am not sure tho. after i tired to reinstall 4 times with same error i tried deleting iis site as recommended by some 1 same issue i reinstalled to WID db worked just fine

so i am not sure how to fix this issue if you have any recommendation i would appreciate it .

also i had 1 more question if there is anyway to delete the WSUS configuration bec. after i installed WID DB it doesnt show the wizard for configuration it just gets me right into the wsus utility .

installing AD on main server , creating a domain , adding client pcs to this domain Isnt the above steps imp b4 setting up a SCCM env ?? SCCM can work across diff domains , agreed but pls take the simple scenario first !!!! 2 pcs , one win server and another win 7 I want sccm server on one and another as sccm client..!!! shudnt both the pcs be connected over n/w , and then shudnt i be creating a domain and addin win7 pc as the client to the domain and then do all the SCCM setting up..!!!!!!

Yes Manish those steps that you mentioned are really important, one cannot proceed without that. The reason why that was not covered is its too basic for a IT person who is deploying SCCM. If you are deploying SCCM then its assumed that you have initial setup ready, if you want me to document and post even that I will do that .. that should not take much time..

Not at all!!! i aint questioning you..!!! I just wanted to be very clear abt the n/w part..!!! I have asked these questions in AD grps too but noone seem to hav an exact answer..!!!! tht whether 2 pcs shud b in same nw before joinin them into a common domain !!!i undrstnd it sounds inane..!!! but at d same time, i have got replies like SCCM can handle clients in other domains( trusted relation) , and also can handle clients which r not even connected to any nw or any domain i.e a workgrp pc !!!! thx fr d reply..!!!

The blog is quite good…!!! and the pre-req part is similar to other sites but its not clearly mentioned anywhere in any site or blog, why we need to create a SCCM container, why right has to be given ? why wsus is needed? if sccm will handle updates then for wht purpose wsus is needed!!!! Things like whether a domain has to be created b4 all this ?

thx for replyin. Its server 2012 standard edition. I have only one build. And i am using the trial versions of everythin. Server 2012, sql 2012 sp1 and sccm 2012 r2. Everything is on same machine. I followed all ur links and did d same and everythin was fine till the susdb appearance in sql. My pc name is SCCMServer and domain is lab.com. Hence the window where u entered sccm.prajwal.local, I entered SCCMServer.lab.com. I guess its correct. I am not able to figure out d issue. Is it may be bec sql is in its trial mode!!!! these trial mode apps never work perfectly wid all their features i guess.

Curretly we are using SCCM 2012 R2 and deploying updates. Now we would like to windows updates in my remote site locations also please suggest what is the procedure and what need to be done. From current place if I deploy updates the internet bandwidth is a probelm. Please suggest ASAP.

I tried in server 2008 and it was fine..!!! In server 2012, after enabling wsus, there is a reboot and after that, i clicked the wsus notification and went ahead.. and then wsus appeared in sql (altho i kno we shud not configure wsus)…

I am facing issue when i try to install WSUS Error:configuration failed for windows server update services My log file:getting this one conifguration failed log file was created in C:\user\Administrator\Appdata\Local\Temp\tmp89. can you help this one

first of all thanks for your great post I am not sure what is wrong but SCCM 2012 R2 is working fine which installed in windows 2012 R2 and the latest WSUS server version 4 is installed it is synchrization with server is working fine (according to the log ) no error in either WCM log or WSUSCrtl log when you add the update software point the settings button is never appears in the property button only generals and proxy settings appears with common message “for configuration manager to use a software update point that is not installed on the site server on the site server you must install WSUS administration console in the site server”

the above message in several post it is mention two updates ( KB2720211 & KB2734608) needs to be installed but that for WSUS 3 with SP2 not for WSUS 4 did you have any idea what could be the slotion

When i checked wht wsyncmgr.log file it states that theFound 1 SUPs Found active SUP (servername) from SCF file DB Server not detected for SUP (servername) from SCF file.skiipping Sync failed. WSUS update source not found on site XYZ

I have reviewed the WCM.log and it says” The request failed with HTTP Status 404: Not Found~~at Microsoft.UpdateServices.Administration.AdminProxy. CreateUpdateServer” “Remote configuration failed on WSUS Server

The funny thing is I can successfully open WSUS admin console and see all updates.

I installed successfully installed WSUS and the SUP on my SCCM 2012 R2 server (OS Windows 2012 R2 Datacenter). However, does the SUP role on SCCM 2012 R2 have to be installed on the same server that house the WSUS database(SUSDB installed on remote db server)? I’m asking because Im not able to synchronize software updates from SCCM. Also primary site and database are on separate servers.

Prajwal – First off – great guides. Thanks for posting them. I have a question concerning the WSUS install. In your guide here you advise to cancel the WSUS install before configuring the task. But in your guide on deploying Software Updates, you advise to Create a Windows Server Update Services 3.0 Web site . Can you explain? I didn’t create the Website during the WSUS install, and now the Post Install Task runs in order to open WSUS, but it fails. Here is the error:

Log file is located at C:\Users\ap-svc-sccm2\AppData\Local\Temp\tmp4F6B.tmp Post install is starting Fatal Error: The schema version of the database is from a newer version of WSUS than currently installed. You must either patch your WSUS server to at least that version or drop the database.

I have decided to retire my existing WSUS server go with the SCCM for updates. I’m followed your guide til the end but don’t see SUSDB in my SQL Management Studio after installing WSUS on the same server as SCCM after multiple reboots. Am I missing something? I know I’m not supposed to run the post install configuration, but when I do, I get an error message saying that access to the remote directory is denied. What account should I be granting to the share for WSUS content?

Thank you very Much for your support & Guide Line for the Installtion of wsus, sup Role etc.

Now My SCCM 2012 sp1 working fine & Push all the 30 servers (out of 55 servers ) Security updates as well as 300 (out of 423)workstation updates.

i would like to know My SCCM 2012 SP1, SCOM SP1 , SQL DATABASE 2008 R2 (All three servers with windows 2008 R2), kindly let me know if i need to push any recommended windows updates or security patches for all three server. If any mention to me or give the Link.

Also My all error is vanish form Event Log except Exchange connector (Event id 1020). Now i Escalate to My Exchange admin to veriify or allow proper connector permission to My sccmadmin Account for configure the connector. If Anything othr than this kindly let me know.

It is always recommended to install the windows updates on the servers. Since these all are critical servers, you must first create a similar test environment and deploy windows updates on to lab machine /test machine and if the updates do not cause any issues then you can deploy the same updates on the production machines. In some companies the updates are deployed in the second week of every month, before the updates are deployed a full backup of the machine is taken first.

I would suggest you to have a test environment similar to prod one, test the updates there and then deploy it to prod machines.

After i taken Two differnet snapshot Beofre &After installtion of wsus.30 with sp1 & two PACTHES.

NOW WSUS 3.0 WORKING FINE & WINDOWS UPDATE , Synchronization fine

But thirdy party told me to uinstall sup role as well as wsus 3.0 7 & reinstall it same time

. after installtion of wsus only i am able to unstall & install the role of SUP for some reason. i would like to know , no iusse if i done above steps. or i need to uinstall & install both role same time. .(just installtion not update),

WSUS take 24 hours to synchrnization with SUP….?

Install wsus without doing update & install SUP ROLE as well…? then i need to do Later wusu update (synchronization) please guide me how to check or update on the configration Console of SCCM 2012 SP1 that SUP synchronizing with WSUS . otherwise i will try to install again both role same time.

Thanks for your replay! sorry to bother you again. could you please tell me we have already running SCCM 2007 R3 sp2 in our environment, I couldn’t deploy the FEP 2010 in windows 8.1 through SCCM, bcz win8.1 already have a defender on it. even can’t do it with out SCCM. So is that possible with sccm 2012R2. I am installing 2012r2 in test environment before deploy it in our network to make sure that everything goes smoothly. I there any thing I need to concentrate before deploy it. I am planing to uninstall 2007 completely later and install the new one after testing.

As per Microsoft “We are adding support for Windows Server 2012 R2 and Windows 8.1 in both System Center 2012 Endpoint Protection (includes Service Pack 1 and R2) and Forefront Endpoint Protection (FEP) 2010 with Update Rollup 1 applied. This support and any required updates will be available in the same timeframe as System Center 2012 R2 general availability.”

These notes are really helpful, thanks for all you support. would you mind telling me, do I really need to extend schema, the reason I am asking is we don’t hold schema, It managed by our head office IT team, can I able to install and set-up sccm 2012R2 without that? Please let me know.

Thank you Muzammil..Extending the active directory schema is optional. Microsoft recommends to extend the schema because it allows clients to retrieve many types of information related to Configuration Manager from a trusted source. If you don’t extend the schema then you might have to work more on managing the clients in your organization such as collection or listing users, computers in your organization. For example when you push the clients using SCCM the clients can locate the management point using active directory domain services and if you don’t extend the schema then you have configure the server locator point.

well, even if you use scomadmin account need permissions of the connector or any account connector permission (Privilege) fine. As earlier also I went to that link & details regarding connector permission etc. even I added my exchange server (dns), but my account might not not having that permission .

But when you try to add exchange server above error The SMS Provider reported an error & with all details description .., then it will go to add menu .. what is the reason for ? we need to correct issue before adding this exchange DNS , not because of my wsus update & synchronization issue..?

. As we Cross check our configuration in domain part firewall exceptions and open the ports required as you told me, no issue both ports are open. Also our wsus last update was 25/11/20013 . But now just waiting for top management to approve for go head with wsus installation & patches ,once job done I will update you exactly what.

Mean time I would like to know as I am new to SCCM server from couple of weeks I am trying to configure exchange connector same server but some reason it also come up with below error, is it related above issue only…?can you guide me what to do…

Stack Trace: at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryResultsObject.d__0.MoveNext() at Microsoft.ConfigurationManagement.AdminConsole.ExchangeConnector.ConnectionPageControl.GetExistingExchanges() at Microsoft.ConfigurationManagement.AdminConsole.ExchangeConnector.ConnectionPageControl.InitializePageControl() at Microsoft.ConfigurationManagement.AdminConsole.SmsWizardPage.Initialize()

System.Management.ManagementException Unexpected error

Stack Trace: at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryResultsObject.d__0.MoveNext() at Microsoft.ConfigurationManagement.AdminConsole.ExchangeConnector.ConnectionPageControl.GetExistingExchanges() at Microsoft.ConfigurationManagement.AdminConsole.ExchangeConnector.ConnectionPageControl.InitializePageControl() at Microsoft.ConfigurationManagement.AdminConsole.SmsWizardPage.Initialize()

I have a problem: installed WSUS role and Update Point on the SCCM 2012R2 server, not liked it and removed it. Clients now not reporting to WSUS. Uninstalled the WSUS role, installed the WSUS role on another server. Clients still not reporting to WSUS (not even trying according to the windowsupdate.log).

BUT how does this work for me? However the Update Point is uninstalled fromm SCCM I can still configure it (also th ereporting settings). But will this have any effect to the clients?? How ‘reads’ the client this setting? Rob Mulder

2) Rather than turning off the firewall it is recommended to configure the firewall exceptions and open the ports required for sccm 2012 sp1 client push. Configure the group policies first and then start the WSUS installation.

after I taken snapshot of server, I am able to uninstall wsus from remove role, As I told to you earlier that I am unable install from add role it shows some network connectivity issue for update. now I decided to install WSUS Manually & try to update . Please let me know if any…

I would like to know what is main reason of “The SMS Provider reported an error” when we try to create the application. for deploying But when I update the patches kb/2734608 & kb/2720211, this SMS Provider error disappear. Earlier also same error then i expand my hard disk space then this error gone.

I hope after installation of WSUS 3.0 sp2 , I am able to see console, able to create software group, & windows update , synchronization issue & SMS provider error also vanish. Please if any configuration or update need let me know.

4 7:32:48 AM, component SMS_WSUS_SYNC_MANAGER on computer XXXXXXXXXD reported: The operating system reported error 2148734208 then, after taken snapshot , then remove the role of WSUS & Try to add it again, but while try connect for update display with network error, My all ports all open as open & no proxy as well , My browser is working fine. Please guide me why my windows update not working …

Hi Arshad, when you install WSUS for SCCM 2012 you should not use WSUS console because SCCM will manage the deployment of software updates. Check the port settings configured for the active software update point and make sure they are the same as the port settings configured for the Web site used by WSUS running on the active software update point.

Alright, my only question is from where are you installing WSUS ? From Add Roles and Features wizard or by downloading WSUS setup file from Microsoft ? Please note that in the post I am using server 2012 R2 and I have installed WSUS from Add Roles and Features.

You cannot see SUSDB prior to installation of SCCM because you did not configure it and your guide says Once the installation is complete DO NOT click on Launch Post-Installation tasks. The screenshot you are showing shows the situation after SCCM has been installed because I can see your CM_IND database. Correct me if I’m wrong.

Hi Steven, you are right, the CM_ Database cannot be seen unless you have installed SCCM 2012. I had actually taken the screenshot after installing the Configuration Manager. Thanks for mentioning that, I will update it with appropriate screenshot.. 🙂